Warning: Permanently added '10.128.0.3' (ED25519) to the list of known hosts.
2025/11/07 16:50:02 parsed 1 programs
[ 50.691343][ T28] audit: type=1400 audit(1762534204.068:106): avc: denied { unlink } for pid=399 comm="syz-executor" name="swap-file" dev="sda1" ino=2026 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="root:object_r:swapfile_t"
[ 50.886854][ T399] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k
[ 51.577207][ T405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.584578][ T405] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.592171][ T405] device bridge_slave_0 entered promiscuous mode
[ 51.599265][ T405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.606451][ T405] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.614157][ T405] device bridge_slave_1 entered promiscuous mode
[ 51.677611][ T405] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.684733][ T405] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.692077][ T405] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.699193][ T405] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.718903][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 51.726276][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 51.734042][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 51.741656][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 51.750593][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 51.759077][ T8] bridge0: port 1(bridge_slave_0) entered blocking state
[ 51.766163][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 51.774847][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 51.783161][ T8] bridge0: port 2(bridge_slave_1) entered blocking state
[ 51.790222][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 51.803111][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 51.812541][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 51.827274][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 51.839079][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 51.847801][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 51.856056][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 51.864429][ T405] device veth0_vlan entered promiscuous mode
[ 51.874807][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 51.883960][ T405] device veth1_macvtap entered promiscuous mode
[ 51.893653][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 51.903694][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 52.220728][ T28] audit: type=1401 audit(1762534205.588:107): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768"
[ 52.275822][ T28] audit: type=1400 audit(1762534205.648:108): avc: denied { create } for pid=446 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 52.371852][ T8] device bridge_slave_1 left promiscuous mode
[ 52.378036][ T8] bridge0: port 2(bridge_slave_1) entered disabled state
[ 52.385743][ T8] device bridge_slave_0 left promiscuous mode
[ 52.392120][ T8] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.400075][ T8] device veth1_macvtap left promiscuous mode
[ 52.406201][ T8] device veth0_vlan left promiscuous mode
2025/11/07 16:50:06 executed programs: 0
[ 52.967090][ T469] bridge0: port 1(bridge_slave_0) entered blocking state
[ 52.974300][ T469] bridge0: port 1(bridge_slave_0) entered disabled state
[ 52.981843][ T469] device bridge_slave_0 entered promiscuous mode
[ 52.988736][ T469] bridge0: port 2(bridge_slave_1) entered blocking state
[ 52.995903][ T469] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.003399][ T469] device bridge_slave_1 entered promiscuous mode
[ 53.053378][ T469] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.060862][ T469] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.068341][ T469] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.075470][ T469] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.097069][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 53.105067][ T10] bridge0: port 1(bridge_slave_0) entered disabled state
[ 53.112527][ T10] bridge0: port 2(bridge_slave_1) entered disabled state
[ 53.121855][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 53.130202][ T10] bridge0: port 1(bridge_slave_0) entered blocking state
[ 53.137310][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 53.146531][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 53.155010][ T10] bridge0: port 2(bridge_slave_1) entered blocking state
[ 53.162074][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 53.175596][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 53.185349][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 53.200587][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 53.213438][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 53.221812][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 53.229453][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 53.245039][ T469] device veth0_vlan entered promiscuous mode
[ 53.256215][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 53.265756][ T469] device veth1_macvtap entered promiscuous mode
[ 53.276015][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 53.286281][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 53.321299][ T480] loop2: detected capacity change from 0 to 1024
[ 53.328148][ T480] =======================================================
[ 53.328148][ T480] WARNING: The mand mount option has been deprecated and
[ 53.328148][ T480] and is ignored by this kernel. Remove the mand
[ 53.328148][ T480] option from the mount to silence this warning.
[ 53.328148][ T480] =======================================================
[ 53.363715][ T480] EXT4-fs: Ignoring removed bh option
[ 53.369608][ T480] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 53.392928][ T480] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 53.402364][ T28] audit: type=1400 audit(1762534206.778:109): avc: denied { mount } for pid=479 comm="syz.2.17" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[ 53.426126][ T480] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.17: Allocating blocks 497-513 which overlap fs metadata
[ 53.426644][ T28] audit: type=1400 audit(1762534206.778:110): avc: denied { write } for pid=479 comm="syz.2.17" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 53.442345][ T480] EXT4-fs (loop2): pa ffff888123abfc78: logic 64, phys. 193, len 20
[ 53.461431][ T28] audit: type=1400 audit(1762534206.778:111): avc: denied { add_name } for pid=479 comm="syz.2.17" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[ 53.469374][ T480] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 53.490488][ T28] audit: type=1400 audit(1762534206.778:112): avc: denied { create } for pid=479 comm="syz.2.17" name="file1" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[ 53.520376][ T28] audit: type=1400 audit(1762534206.788:113): avc: denied { read write } for pid=479 comm="syz.2.17" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 53.543005][ T28] audit: type=1400 audit(1762534206.788:114): avc: denied { open } for pid=479 comm="syz.2.17" path="/0/file1/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 53.543571][ T375] ==================================================================
[ 53.573929][ T375] BUG: KASAN: use-after-free in ext4_find_extent+0xbeb/0xe20
[ 53.581326][ T375] Read of size 4 at addr ffff88810ec81c94 by task kworker/u4:4/375
[ 53.589222][ T375]
[ 53.591566][ T375] CPU: 1 PID: 375 Comm: kworker/u4:4 Not tainted syzkaller #0
[ 53.599115][ T375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 53.609177][ T375] Workqueue: writeback wb_workfn (flush-7:2)
[ 53.615198][ T375] Call Trace:
[ 53.618480][ T375]
[ 53.621435][ T375] __dump_stack+0x21/0x24
[ 53.625776][ T375] dump_stack_lvl+0xee/0x150
[ 53.630370][ T375] ? __cfi_dump_stack_lvl+0x8/0x8
[ 53.635396][ T375] ? ext4_find_extent+0xbeb/0xe20
[ 53.640424][ T375] print_address_description+0x71/0x200
[ 53.645993][ T375] print_report+0x4a/0x60
[ 53.650326][ T375] kasan_report+0x122/0x150
[ 53.654845][ T375] ? ext4_find_extent+0xbeb/0xe20
[ 53.659891][ T375] __asan_report_load4_noabort+0x14/0x20
[ 53.665646][ T375] ext4_find_extent+0xbeb/0xe20
[ 53.670509][ T375] ? __cfi__raw_spin_lock_irqsave+0x10/0x10
[ 53.676413][ T375] ext4_ext_map_blocks+0x1da/0x6080
[ 53.681639][ T375] ? kasan_set_track+0x60/0x70
[ 53.686415][ T375] ? kasan_set_track+0x4b/0x70
[ 53.691186][ T375] ? kasan_save_alloc_info+0x25/0x30
[ 53.696481][ T375] ? __kasan_slab_alloc+0x72/0x80
[ 53.701623][ T375] ? slab_post_alloc_hook+0x4f/0x2d0
[ 53.706918][ T375] ? kmem_cache_alloc+0x16e/0x330
[ 53.711951][ T375] ? ext4_alloc_io_end_vec+0x2a/0x160
[ 53.717427][ T375] ? ext4_writepages+0xf42/0x3020
[ 53.722469][ T375] ? do_writepages+0x3a9/0x5e0
[ 53.727263][ T375] ? __writeback_single_inode+0xc6/0xad0
[ 53.733005][ T375] ? writeback_sb_inodes+0x9b8/0x1550
[ 53.738393][ T375] ? wb_writeback+0x3f1/0x980
[ 53.743078][ T375] ? wb_workfn+0x350/0xda0
[ 53.747679][ T375] ? process_one_work+0x71f/0xc40
[ 53.752713][ T375] ? worker_thread+0xa29/0x11f0
[ 53.757648][ T375] ? kthread+0x281/0x320
[ 53.761905][ T375] ? __cfi_ext4_ext_map_blocks+0x10/0x10
[ 53.767738][ T375] ? ext4_es_lookup_extent+0x54c/0x900
[ 53.773219][ T375] ext4_map_blocks+0x9cb/0x1b60
[ 53.778079][ T375] ? __cfi_ext4_map_blocks+0x10/0x10
[ 53.783411][ T375] ? ext4_inode_journal_mode+0x19a/0x480
[ 53.789079][ T375] ext4_writepages+0x1260/0x3020
[ 53.794058][ T375] ? xas_load+0x39e/0x3b0
[ 53.798500][ T375] ? __cfi_ext4_writepages+0x10/0x10
[ 53.803828][ T375] ? __kasan_check_write+0x14/0x20
[ 53.809140][ T375] ? __filemap_get_folio+0x81c/0x980
[ 53.814437][ T375] ? __kasan_check_read+0x11/0x20
[ 53.819649][ T375] ? folio_mark_accessed+0x1b8/0x4d0
[ 53.824956][ T375] ? __kasan_check_write+0x14/0x20
[ 53.830080][ T375] ? __cfi_ext4_writepages+0x10/0x10
[ 53.835523][ T375] do_writepages+0x3a9/0x5e0
[ 53.840211][ T375] ? __update_load_avg_cfs_rq+0xaf/0x2f0
[ 53.845862][ T375] ? __cfi_do_writepages+0x10/0x10
[ 53.850982][ T375] ? __kasan_check_write+0x14/0x20
[ 53.856106][ T375] ? _raw_spin_lock+0x8e/0xe0
[ 53.860813][ T375] __writeback_single_inode+0xc6/0xad0
[ 53.866279][ T375] ? inode_io_list_move_locked+0x366/0x3d0
[ 53.872100][ T375] writeback_sb_inodes+0x9b8/0x1550
[ 53.877307][ T375] ? check_preempt_wakeup+0x7fd/0xbc0
[ 53.882678][ T375] ? queue_io+0x4c0/0x4c0
[ 53.887105][ T375] ? __kasan_check_read+0x11/0x20
[ 53.892218][ T375] ? queue_io+0x382/0x4c0
[ 53.896604][ T375] wb_writeback+0x3f1/0x980
[ 53.901114][ T375] ? inode_cgwb_move_to_attached+0x3e0/0x3e0
[ 53.907100][ T375] ? set_worker_desc+0x155/0x1c0
[ 53.912073][ T375] ? update_load_avg+0x4c2/0x13f0
[ 53.917209][ T375] ? __kasan_check_write+0x14/0x20
[ 53.922339][ T375] ? sched_clock_cpu+0x6e/0x250
[ 53.927201][ T375] wb_workfn+0x350/0xda0
[ 53.931464][ T375] ? __cfi_wb_workfn+0x10/0x10
[ 53.936328][ T375] ? kthread_data+0x50/0xc0
[ 53.940839][ T375] ? _raw_spin_unlock+0x4c/0x70
[ 53.945708][ T375] ? finish_task_switch+0x16b/0x7b0
[ 53.950954][ T375] ? __switch_to_asm+0x3a/0x60
[ 53.955825][ T375] ? __schedule+0xb8f/0x14e0
[ 53.960420][ T375] ? __cfi__raw_spin_lock_irq+0x10/0x10
[ 53.965972][ T375] process_one_work+0x71f/0xc40
[ 53.971006][ T375] worker_thread+0xa29/0x11f0
[ 53.975775][ T375] ? _raw_spin_lock_irqsave+0xb0/0x110
[ 53.981402][ T375] ? __kthread_parkme+0x142/0x180
[ 53.986698][ T375] kthread+0x281/0x320
[ 53.990880][ T375] ? __cfi_worker_thread+0x10/0x10
[ 53.996169][ T375] ? __cfi_kthread+0x10/0x10
[ 54.000826][ T375] ret_from_fork+0x1f/0x30
[ 54.005252][ T375]
[ 54.008271][ T375]
[ 54.010595][ T375] The buggy address belongs to the physical page:
[ 54.017004][ T375] page:ffffea00043b2040 refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10ec81
[ 54.027246][ T375] flags: 0x4000000000000000(zone=1)
[ 54.032466][ T375] raw: 4000000000000000 dead000000000100 dead000000000122 0000000000000000
[ 54.041417][ T375] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 54.050277][ T375] page dumped because: kasan: bad access detected
[ 54.056796][ T375] page_owner tracks the page as freed
[ 54.062196][ T375] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x102dc2(GFP_HIGHUSER|__GFP_NOWARN|__GFP_ZERO), pid 453, tgid 453 (syz-executor), ts 52542659729, free_ts 52675236236
[ 54.080713][ T375] post_alloc_hook+0x1f5/0x210
[ 54.085491][ T375] prep_new_page+0x1c/0x110
[ 54.090031][ T375] get_page_from_freelist+0x2c7b/0x2cf0
[ 54.095615][ T375] __alloc_pages+0x1c3/0x450
[ 54.100320][ T375] __vmalloc_node_range+0x891/0x13d0
[ 54.105694][ T375] vmalloc_user+0x73/0x80
[ 54.110134][ T375] kcov_ioctl+0x57/0x640
[ 54.114408][ T375] __se_sys_ioctl+0x12f/0x1b0
[ 54.119103][ T375] __x64_sys_ioctl+0x7b/0x90
[ 54.123703][ T375] x64_sys_call+0x58b/0x9a0
[ 54.128215][ T375] do_syscall_64+0x4c/0xa0
[ 54.132655][ T375] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 54.138642][ T375] page last free stack trace:
[ 54.143308][ T375] free_unref_page_prepare+0x742/0x750
[ 54.148859][ T375] free_unref_page+0x8f/0x530
[ 54.153549][ T375] __free_pages+0x67/0x100
[ 54.157973][ T375] __vunmap+0x9af/0xb70
[ 54.162133][ T375] vfree+0x61/0x90
[ 54.165858][ T375] kcov_close+0x2b/0x50
[ 54.170119][ T375] __fput+0x1fc/0x8f0
[ 54.174107][ T375] ____fput+0x15/0x20
[ 54.178101][ T375] task_work_run+0x1db/0x240
[ 54.182699][ T375] do_exit+0xa25/0x2650
[ 54.186868][ T375] do_group_exit+0x210/0x2d0
[ 54.191464][ T375] get_signal+0x13b5/0x1520
[ 54.195978][ T375] arch_do_signal_or_restart+0xb0/0x1030
[ 54.201702][ T375] exit_to_user_mode_loop+0x7a/0xb0
[ 54.206964][ T375] exit_to_user_mode_prepare+0x87/0xd0
[ 54.212513][ T375] syscall_exit_to_user_mode+0x1a/0x30
[ 54.217998][ T375]
[ 54.220322][ T375] Memory state around the buggy address:
[ 54.226041][ T375] ffff88810ec81b80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.234107][ T375] ffff88810ec81c00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.242184][ T375] >ffff88810ec81c80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.250253][ T375] ^
[ 54.254844][ T375] ffff88810ec81d00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.263014][ T375] ffff88810ec81d80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 54.271180][ T375] ==================================================================
[ 54.284360][ T375] Disabling lock debugging due to kernel taint
[ 54.290636][ T375] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 54.293324][ T28] audit: type=1400 audit(1762534206.818:115): avc: denied { setattr } for pid=479 comm="syz.2.17" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 54.303142][ T375] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 54.303142][ T375]
[ 54.338768][ T469] EXT4-fs (loop2): unmounting filesystem.
[ 54.356359][ T485] loop2: detected capacity change from 0 to 1024
[ 54.371668][ T485] EXT4-fs: Ignoring removed bh option
[ 54.377441][ T485] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 54.392398][ T485] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 54.419174][ T485] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.18: Allocating blocks 497-513 which overlap fs metadata
[ 54.433739][ T485] EXT4-fs (loop2): pa ffff888123a28bd0: logic 64, phys. 193, len 20
[ 54.441903][ T485] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 54.454061][ T10] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 54.466519][ T10] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 54.466519][ T10]
[ 54.479747][ T469] EXT4-fs (loop2): unmounting filesystem.
[ 54.500351][ T489] loop2: detected capacity change from 0 to 1024
[ 54.511326][ T489] EXT4-fs: Ignoring removed bh option
[ 54.521618][ T489] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 54.543010][ T489] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 54.563641][ T489] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.19: Allocating blocks 497-513 which overlap fs metadata
[ 54.578733][ T489] EXT4-fs (loop2): pa ffff888123a280a8: logic 64, phys. 193, len 20
[ 54.587028][ T489] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 54.599091][ T10] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 54.611566][ T10] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 54.611566][ T10]
[ 54.623989][ T469] EXT4-fs (loop2): unmounting filesystem.
[ 54.643662][ T493] loop2: detected capacity change from 0 to 1024
[ 54.653675][ T493] EXT4-fs: Ignoring removed bh option
[ 54.659731][ T493] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 54.682664][ T493] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 54.703596][ T493] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.20: Allocating blocks 497-513 which overlap fs metadata
[ 54.718367][ T493] EXT4-fs (loop2): pa ffff888123b232a0: logic 64, phys. 193, len 20
[ 54.726449][ T493] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 54.738711][ T10] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 54.751223][ T10] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 54.751223][ T10]
[ 54.763514][ T469] EXT4-fs (loop2): unmounting filesystem.
[ 54.785072][ T497] loop2: detected capacity change from 0 to 1024
[ 54.792092][ T497] EXT4-fs: Ignoring removed bh option
[ 54.798165][ T497] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 54.812518][ T497] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 54.832722][ T497] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.21: Allocating blocks 497-513 which overlap fs metadata
[ 54.847406][ T497] EXT4-fs (loop2): pa ffff888123b233f0: logic 64, phys. 193, len 20
[ 54.855546][ T497] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 54.868019][ T10] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 54.880690][ T10] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 54.880690][ T10]
[ 54.893358][ T469] EXT4-fs (loop2): unmounting filesystem.
[ 54.909460][ T501] loop2: detected capacity change from 0 to 1024
[ 54.916634][ T501] EXT4-fs: Ignoring removed bh option
[ 54.922717][ T501] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 54.943560][ T501] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 54.963036][ T501] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.22: Allocating blocks 497-513 which overlap fs metadata
[ 54.977434][ T501] EXT4-fs (loop2): pa ffff88812a827888: logic 64, phys. 193, len 20
[ 54.985577][ T501] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 54.997718][ T10] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 55.010416][ T10] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 55.010416][ T10]
[ 55.023164][ T469] EXT4-fs (loop2): unmounting filesystem.
[ 55.049366][ T505] loop2: detected capacity change from 0 to 1024
[ 55.056450][ T505] EXT4-fs: Ignoring removed bh option
[ 55.062189][ T505] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 55.092191][ T505] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 55.113510][ T505] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.23: Allocating blocks 497-513 which overlap fs metadata
[ 55.127971][ T505] EXT4-fs (loop2): pa ffff88812a8275e8: logic 64, phys. 193, len 20
[ 55.136063][ T505] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 55.148520][ T10] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 55.161161][ T10] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 55.161161][ T10]
[ 55.173221][ T469] EXT4-fs (loop2): unmounting filesystem.
[ 55.195091][ T509] loop2: detected capacity change from 0 to 1024
[ 55.201946][ T509] EXT4-fs: Ignoring removed bh option
[ 55.207694][ T509] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 55.224634][ T509] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 55.245478][ T509] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.24: Allocating blocks 497-513 which overlap fs metadata
[ 55.260070][ T509] EXT4-fs (loop2): pa ffff88812a847888: logic 64, phys. 193, len 20
[ 55.268163][ T509] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 55.280253][ T43] EXT4-fs error (device loop2): ext4_map_blocks:745: inode #15: block 33822867425445: comm kworker/u4:2: lblock 36 mapped to illegal pblock 33822867425445 (length 1)
[ 55.297742][ T43] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 55.310324][ T43] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 55.310324][ T43]
[ 55.328760][ T469] EXT4-fs (loop2): unmounting filesystem.
[ 55.352121][ T513] loop2: detected capacity change from 0 to 1024
[ 55.359148][ T513] EXT4-fs: Ignoring removed bh option
[ 55.365022][ T513] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 55.385005][ T513] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 55.404332][ T513] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.25: Allocating blocks 497-513 which overlap fs metadata
[ 55.419456][ T513] EXT4-fs (loop2): pa ffff888123b23888: logic 64, phys. 193, len 20
[ 55.427651][ T513] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 55.440900][ T43] EXT4-fs error (device loop2): ext4_map_blocks:745: inode #15: block 17364552747173: comm kworker/u4:2: lblock 36 mapped to illegal pblock 17364552747173 (length 1)
[ 55.457985][ T43] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 55.470398][ T43] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 55.470398][ T43]
[ 55.483125][ T469] EXT4-fs (loop2): unmounting filesystem.
[ 55.499629][ T518] loop2: detected capacity change from 0 to 1024
[ 55.506438][ T518] EXT4-fs: Ignoring removed bh option
[ 55.512882][ T518] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 55.532332][ T518] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 55.552114][ T518] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.26: Allocating blocks 497-513 which overlap fs metadata
[ 55.566689][ T518] EXT4-fs (loop2): pa ffff88812a847498: logic 64, phys. 193, len 20
[ 55.574786][ T518] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0, free 0, pa_free 1
[ 55.586951][ T8] EXT4-fs warning (device loop2): ext4_convert_unwritten_extents:4872: inode #15: block 36: len 1: ext4_ext_map_blocks returned -28
[ 55.603958][ T469] EXT4-fs (loop2): unmounting filesystem.
[ 55.621151][ T416] general protection fault, probably for non-canonical address 0x96fec9293ef09001: 0000 [#1] PREEMPT SMP KASAN
[ 55.624927][ T522] loop2: detected capacity change from 0 to 1024
[ 55.633089][ T416] CPU: 1 PID: 416 Comm: udevd Tainted: G B syzkaller #0
[ 55.633111][ T416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 55.633121][ T416] RIP: 0010:kmem_cache_alloc+0xf7/0x330
[ 55.633152][ T416] Code: 08 48 8b 38 48 85 ff 0f 84 bd 00 00 00 48 83 78 10 00 0f 84 b2 00 00 00 41 8b 47 28 48 8d 0c 07 49 8b 9f d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 8d 4a 08 4d 8b 07 48 89 f8 65 49 0f c7 08
[ 55.633167][ T416] RSP: 0018:ffffc90000b67758 EFLAGS: 00010286
[ 55.633185][ T416] RAX: 0000000000000018 RBX: 4ac84ef0b9c070fd RCX: 0190f03e29c9fe96
[ 55.641465][ T522] EXT4-fs: Ignoring removed bh option
[ 55.647952][ T416] RDX: 0000000000015859 RSI: 0000000000000038 RDI: 96fec9293ef08fe9
[ 55.647972][ T416] RBP: ffffc90000b677a0 R08: dffffc0000000000 R09: ffff88811f91a660
[ 55.658865][ T522] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 55.663577][ T416] R10: 0000000000000000 R11: 1ffff11023f234cc R12: 0000000000000038
[ 55.663595][ T416] R13: ffffffff823438c3 R14: 0000000000000d40 R15: ffff8881001eb500
[ 55.663608][ T416] FS: 00007ff6f3d41880(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 55.663627][ T416] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 55.692749][ T522] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[ 55.697800][ T416] CR2: 00007f00b264f742 CR3: 00000001151f3000 CR4: 00000000003506a0
[ 55.717251][ T522] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:3836: comm syz.2.27: Allocating blocks 497-513 which overlap fs metadata
[ 55.719322][ T416] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 55.732191][ T522] EXT4-fs (loop2): pa ffff88812a847a80: logic 64, phys. 193, len 20
[ 55.738593][ T416] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 55.746823][ T522] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:4876: group 0,
[ 55.755808][ T416] Call Trace:
[ 55.755817][ T416]
[ 55.755823][ T416] ? slab_pre_alloc_hook+0x30/0x1e0
[ 55.762464][ T522] free 0, pa_free 1
[ 55.771447][ T416] ? security_inode_alloc+0x33/0x120
[ 55.771483][ T416] security_inode_alloc+0x33/0x120
[ 55.771511][ T416] inode_init_always+0x6fc/0x960
[ 55.771531][ T416] new_inode_pseudo+0xa2/0x1f0
[ 55.861185][ T416] new_inode+0x28/0x1e0
[ 55.865363][ T416] ? __kasan_check_write+0x14/0x20
[ 55.870563][ T416] shmem_get_inode+0x349/0xc20
[ 55.875331][ T416] shmem_mknod+0x5c/0x1d0
[ 55.879669][ T416] shmem_create+0x2c/0x40
[ 55.884002][ T416] ? __cfi_shmem_create+0x10/0x10
[ 55.889040][ T416] path_openat+0x11e3/0x2f50
[ 55.893634][ T416] ? do_filp_open+0x3c0/0x3c0
[ 55.898338][ T416] do_filp_open+0x1c1/0x3c0
[ 55.902862][ T416] ? __cfi_do_filp_open+0x10/0x10
[ 55.907911][ T416] ? alloc_fd+0x4e6/0x590
[ 55.912259][ T416] do_sys_openat2+0x185/0x7e0
[ 55.916950][ T416] ? slab_free_freelist_hook+0xc2/0x190
[ 55.922509][ T416] ? do_sys_open+0xe0/0xe0
[ 55.926931][ T416] ? do_mkdirat+0x459/0x4c0
[ 55.931438][ T416] ? kmem_cache_free+0x12d/0x300
[ 55.936388][ T416] __x64_sys_openat+0x136/0x160
[ 55.941278][ T416] x64_sys_call+0x783/0x9a0
[ 55.945789][ T416] do_syscall_64+0x4c/0xa0
[ 55.950295][ T416] ? clear_bhb_loop+0x30/0x80
[ 55.954982][ T416] ? clear_bhb_loop+0x30/0x80
[ 55.959677][ T416] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 55.965688][ T416] RIP: 0033:0x7ff6f36a7407
[ 55.970111][ T416] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[ 55.989905][ T416] RSP: 002b:00007ffc0e9a3660 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[ 55.998431][ T416] RAX: ffffffffffffffda RBX: 00007ff6f3d41880 RCX: 00007ff6f36a7407
[ 56.006406][ T416] RDX: 00000000000a0241 RSI: 00007ffc0e9a4320 RDI: ffffffffffffff9c
[ 56.014386][ T416] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 56.022460][ T416] R10: 0000000000000124 R11: 0000000000000202 R12: 000055758749c9d0
[ 56.030517][ T416] R13: 00007ffc0e9a4320 R14: 00007ffc0e9a3f20 R15: 00007ffc0e9a3b20
[ 56.038510][ T416]
[ 56.041550][ T416] Modules linked in:
[ 56.046812][ T416] ---[ end trace 0000000000000000 ]---
[ 56.047202][ T8] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 36 with max blocks 1 with error 117
[ 56.052474][ T416] RIP: 0010:kmem_cache_alloc+0xf7/0x330
[ 56.064973][ T8] EXT4-fs (loop2): This should not happen!! Data will be lost
[ 56.064973][ T8]
[ 56.070457][ T416] Code: 08 48 8b 38 48 85 ff 0f 84 bd 00 00 00 48 83 78 10 00 0f 84 b2 00 00 00 41 8b 47 28 48 8d 0c 07 49 8b 9f d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 8d 4a 08 4d 8b 07 48 89 f8 65 49 0f c7 08
[ 56.092983][ T469] EXT4-fs (loop2): unmounting filesystem.
[ 56.100546][ T416] RSP: 0018:ffffc90000b67758 EFLAGS: 00010286
[ 56.112432][ T416] RAX: 0000000000000018 RBX: 4ac84ef0b9c070fd RCX: 0190f03e29c9fe96
[ 56.114464][ T469] general protection fault, probably for non-canonical address 0x96fec9293ef09001: 0000 [#2] PREEMPT SMP KASAN
[ 56.120533][ T416] RDX: 0000000000015859 RSI: 0000000000000038 RDI: 96fec9293ef08fe9
[ 56.132328][ T469] CPU: 1 PID: 469 Comm: syz-executor Tainted: G B D syzkaller #0
[ 56.132351][ T469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[ 56.132361][ T469] RIP: 0010:kmem_cache_alloc+0xf7/0x330
[ 56.132394][ T469] Code: 08 48 8b 38 48 85 ff 0f 84 bd 00 00 00 48 83 78 10 00 0f 84 b2 00 00 00 41 8b 47 28 48 8d 0c 07 49 8b 9f d8 00 00 00 48 0f c9 <48> 33 1c 07 48 31 cb 48 8d 4a 08 4d 8b 07 48 89 f8 65 49 0f c7 08
[ 56.132409][ T469] RSP: 0018:ffffc90000be7ba8 EFLAGS: 00010286
[ 56.132426][ T469] RAX: 0000000000000018 RBX: 4ac84ef0b9c070fd RCX: 0190f03e29c9fe96
[ 56.140974][ T416] RBP: ffffc90000b677a0 R08: dffffc0000000000 R09: ffff88811f91a660
[ 56.149333][ T469] RDX: 0000000000015859 RSI: 0000000000000038 RDI: 96fec9293ef08fe9
[ 56.159561][ T416] R10: 0000000000000000 R11: 1ffff11023f234cc R12: 0000000000000038
[ 56.164933][ T469] RBP: ffffc90000be7bf0 R08: dffffc0000000000 R09: ffff88811f91adf0
[ 56.164950][ T469] R10: 0000000000000000 R11: 1ffff11023f235be R12: 0000000000000038
[ 56.164962][ T469] R13: ffffffff823438c3 R14: 0000000000000d40 R15: ffff8881001eb500
[ 56.164976][ T469] FS: 000055556f717500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 56.184746][ T416] R13: ffffffff823438c3 R14: 0000000000000d40 R15: ffff8881001eb500
[ 56.190735][ T469] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.198741][ T416] FS: 00007ff6f3d41880(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 56.206692][ T469] CR2: 000055556f73a4e8 CR3: 000000012c2e1000 CR4: 00000000003506a0
[ 56.206712][ T469] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.214684][ T416] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 56.222737][ T469] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.222753][ T469] Call Trace:
[ 56.222758][ T469]
[ 56.222764][ T469] ? slab_pre_alloc_hook+0x30/0x1e0
[ 56.230751][ T416] CR2: 000000c00709b000 CR3: 00000001151f3000 CR4: 00000000003506b0
[ 56.238728][ T469] ? security_inode_alloc+0x33/0x120
[ 56.246730][ T416] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 56.255627][ T469] security_inode_alloc+0x33/0x120
[ 56.255651][ T469] inode_init_always+0x6fc/0x960
[ 56.255671][ T469] new_inode_pseudo+0xa2/0x1f0
[ 56.264977][ T416] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 56.270334][ T469] new_inode+0x28/0x1e0
[ 56.279598][ T416] Kernel panic - not syncing: Fatal exception
[ 56.287258][ T469] ? show_sid+0x1b0/0x1b0
[ 56.287289][ T469] shmem_get_inode+0x349/0xc20
[ 56.287315][ T469] shmem_mknod+0x5c/0x1d0
[ 56.287338][ T469] ? selinux_inode_mkdir+0x22/0x30
[ 56.287357][ T469] shmem_mkdir+0x2f/0x60
[ 56.287380][ T469] vfs_mkdir+0x39c/0x580
[ 56.287402][ T469] do_mkdirat+0x171/0x4c0
[ 56.287423][ T469] __x64_sys_mkdirat+0x89/0xa0
[ 56.287444][ T469] x64_sys_call+0x73d/0x9a0
[ 56.287464][ T469] do_syscall_64+0x4c/0xa0
[ 56.287483][ T469] ? clear_bhb_loop+0x30/0x80
[ 56.287507][ T469] ? clear_bhb_loop+0x30/0x80
[ 56.287531][ T469] entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 56.287565][ T469] RIP: 0033:0x7f00b258d717
[ 56.287580][ T469] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 56.287595][ T469] RSP: 002b:00007ffe766e5988 EFLAGS: 00000206 ORIG_RAX: 0000000000000102
[ 56.287614][ T469] RAX: ffffffffffffffda RBX: 00007ffe766e59e0 RCX: 00007f00b258d717
[ 56.287628][ T469] RDX: 00000000000001ff RSI: 00007ffe766e59e0 RDI: 00000000ffffff9c
[ 56.287640][ T469] RBP: 00007ffe766e59cc R08: 0000000000000004 R09: 00007ffe766e5726
[ 56.287651][ T469] R10: 0000000000000000 R11: 0000000000000206 R12: 000000000000000b
[ 56.287662][ T469] R13: 00000000000927c0 R14: 000000000000d92d R15: 00007ffe766e5a20
[ 56.287677][ T469]
[ 56.287689][ T469] Modules linked in:
[ 56.295914][ T416] Kernel Offset: disabled
[ 56.521900][ T416] Rebooting in 86400 seconds..